First published 5 November 2024
CVSS 3.1: 9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A critical security vulnerability has been found in the Chromium web browser used in IGEL OS. This affects the following IGEL products:
-
IGEL OS 12
-
IGEL OS 11
Details
An out-of-bounds write has been found in Dawn, the WebGPU implementation in Chromium. It allows a remote attacker to write to memory out of bounds via a crafted HTML page. This is tracked as CVE-2024-10487 and rated critical.
In addition, a use-after-free has been discovered in the WebRTC component of Chromium. A remote attacker could potentially use it for heap corruption via an HTML page (CVE-2024-10488, high).
Update Instructions
-
IGEL OS 12: Update to the IGEL OS app with Chromium version 130.0.6723.91 as soon as it is available from the IGEL App Portal.
-
IGEL OS 11: Update to IGEL OS version 11.10.210 as soon as it is available.
References
-
Chrome Releases Blog: https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_29.html